Ubiquiti UniFi Access: Attackers can gain unauthorized access
A critical security vulnerability exists in Ubiquiti's UniFi Door Access, allowing attackers unauthorized access.
(Image: Ubiquiti, Collage heise medien)
The manufacturer warns of a critical security vulnerability, given the highest severity rating, in its access control solution Ubiquiti UniFi Access. It apparently allows attackers to reach an administrative programming interface (API) – without authentication. Updated software that closes the security gap is available.
Ubiquiti has published a security notice regarding the problem (the page may only be accessible after first visiting the Ubiquiti Community Release homepage). The description of the vulnerability remains somewhat vague: “Malicious actors with access to the management network can exploit a misconfiguration in UniFi's Door Access application, UniFi Access, exposing an API without proper authentication” (CVE-2025-52665, CVSS 10, risk “Critical”).
Ubiquiti does not explain the exact implications or what attacks might look like. Presumably, attackers with network access could thus gain unauthorized physical access to premises secured with Ubiquiti UniFi Access. The severity rating suggests the flaw is easy to exploit.
Ubiquiti UniFi Access: Updates available
According to the manufacturer, the security-relevant error was introduced in UniFi Access version 3.3.22 and affects versions up to and including 3.4.31. Version 4.0.21 or newer, which fixes the vulnerability, is now available; admins should update immediately. Ubiquiti names this version as the migration path. It has apparently been available for installation since mid-October, yet its changelog does not mention any security vulnerability being closed – so that entry may have been omitted.
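As an added example (not code from Ubiquiti or from this article), the following script turns the version numbers named above into an inventory check: it classifies each UniFi Access version as predating the faulty change, inside the affected range, fixed, or in the gap between 3.4.31 and 4.0.21 that the advisory does not cover. Hostnames and versions in the sample inventory are constructed.

```python
"""Classify UniFi Access versions with respect to CVE-2025-52665, using only the
version numbers from the advisory: introduced in 3.3.22, affected up to and
including 3.4.31, fixed in 4.0.21."""
from __future__ import annotations

import re

INTRODUCED = (3, 3, 22)
LAST_AFFECTED = (3, 4, 31)
FIXED = (4, 0, 21)


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted version string such as '3.4.31' into a comparable tuple.
    A leading 'v' and a build/pre-release suffix ('4.1.0-beta') are tolerated."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(?:[-+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def classify(version: str) -> str:
    """Return 'not_affected', 'affected', 'fixed' or 'unverified'."""
    v = parse_version(version)
    if v < INTRODUCED:
        return "not_affected"  # predates the change that introduced the flaw
    if v <= LAST_AFFECTED:
        return "affected"      # inside the range named in the advisory
    if v >= FIXED:
        return "fixed"         # carries the fix
    # Builds between 3.4.31 and 4.0.21 are not mentioned by the advisory,
    # so they are reported as unverified rather than assumed safe.
    return "unverified"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by status so the ones still needing an update stand out."""
    groups: dict[str, list[str]] = {}
    for host, ver in inventory.items():
        groups.setdefault(classify(ver), []).append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"door-ctl-1": "3.3.21", "door-ctl-2": "3.4.31",
              "door-ctl-3": "3.5.2", "door-ctl-4": "v4.0.21"}
    for status, hosts in sorted(triage(sample).items()):
        print(f"{status:13s} {', '.join(hosts)}")
```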
Less than two weeks ago, Ubiquiti had to deal with a vulnerability classified as high risk in UniFi Talk. The debugging function of the IP telephony solution was apparently not deactivated at the factory as intended, allowing attackers with access to the UniFi Talk management network to reach it via the APIs.
(dmk)